Behavioral ‘fingerprints’ used as additional authentication mechanism

HID Global has announced that it is partnering with BehavioSec, a leading behavioral biometrics company, to combine BehavioSec’s Behaviometrics technology with HID Global’s 4TRESS Authentication Server.

The joint offering brings a new layer of security to HID Global’s Fraud Detection System without sacrificing user convenience by employing behavioral “fingerprints” as an additional authentication mechanism.

Users today increasingly spend time identifying themselves to access digital resources, such as logging into company networks or banking online. However, once users log in and cross the first layer of the authentication security perimeter, the only factor that ensures they are the same person that logged in is time-based. As long as there is continuous activity, the application assumes the user is the same person and lets the user remain logged in, presenting a potential security risk.

The integrated 4TRESS Authentication Server and Behaviometrics solution addresses this risk by increasing security at the time of login. If a user’s password or OTP token is stolen but the credentials are not entered the way the user would enter them, login would be impossible. Once logged in, user behavior is continuously monitored to ensure that a third party has not intercepted or taken over the session.

“Recent security breaches have driven home the fact that the fewer layers of authentication your organization employs, the more vulnerable you are to attacks and exploitation,” said Hilding Arrehed, director of worldwide professional services and technology partner programs, Identity Assurance, with HID Global. “By combining BehavioSec’s groundbreaking technology with our 4TRESS Authentication Server, we can provide added value and security to our customers by increasing the auditability and traceability of activity online, without making it more difficult for the end user.”

BehavioSec’s Behaviometrics solutions can create digital fingerprints of users’ ongoing keyboard pressing patterns, including speed, frequency and pressure, when interacting with computer applications and websites. With significant accuracy, the system can detect deviations from a user’s normal behavior and whether an attacker takes control of a computer.